Use Terraform on Windows

Updated at:
Copy as MD

This topic describes how to use Terraform on Windows to create Alibaba Cloud resources.

Managing your infrastructure as code (IaC) with Terraform involves the following main steps.

  1. Install Terraform: Ensure your system can recognize and execute Terraform commands.

  2. Write a Terraform configuration file: The configuration file is the core of Terraform. It describes the creation, configuration, and dependencies of resources, such as VPCs, ECS instances, and OSS buckets.

  3. Initialize and create resources: This critical step turns your infrastructure design into active resources.

  4. View and manage resources: After deployment, you can view and manage your infrastructure to ensure it meets current requirements.

  5. Destroy resources: When no longer needed, you can destroy the resources.

1. Install Terraform

  1. Go to the official Terraform website, download the Terraform binary for your Windows operating system, and extract it.

    The download page provides installation packages for the 386 and AMD64 architectures. Select the one that matches your system and click Download.

  2. Add the Terraform installation path to the Path environment variable.

    1. On your desktop, right-click This PC and select Properties > Advanced system settings > Environment Variables.

    2. Under System variables or User variables, click Path, and then select Edit > New. Enter the path to the directory where you extracted the Terraform binary, and click OK to save your changes.

  3. Verify the installation. Press the Win+R keys, enter cmd, and click OK to open Command Prompt. Run the terraform --version command. If you see output similar to the following, the installation is successful.

    Terraform v1.9.3
    on windows_amd64
    

2. Write a Terraform configuration file

The configuration file is the core of Terraform. It defines the infrastructure resources to be deployed in the cloud or on-premises, such as VPC, ECS, and OSS.

  1. Create a new folder, for example, ecs, and then create a Terraform configuration file named main.tf in that folder.

    Creating a separate working directory for each Terraform project is a best practice. It keeps resources organized, prevents state file conflicts, and simplifies version control. This separation also helps isolate environments and manage modules, which improves maintainability and security.

  2. Write the Terraform configuration file. The ECS instance and its dependent resources, such as the VPC and security group, are defined as code in the configuration file. You can copy the following code into main.tf.

    Important
    • This example creates a pay-as-you-go ECS instance, which incurs charges upon creation.

    • This example uses environment variables for Terraform authentication. For more information, see Terraform Authentication.

    The following resources are required to create an ECS instance:

    Resource

    Description

    alicloud_vpc

    Creates a VPC instance.

    alicloud_vswitch

    Creates a vSwitch instance.

    alicloud_security_group

    Creates a security group.

    alicloud_security_group_rule

    Creates ingress and egress rules for a security group.

    alicloud_instance

    Creates an ECS instance.

    variable "name" {
      type    = string
      default = "tf-test"
    }
    # Specify the region.
    variable "region" {
      type    = string
      default = "cn-beijing"
    }
    # Public bandwidth. If greater than 0, a public IP address is assigned to the instance.
    variable "internet_max_bandwidth_out" {
      type    = number
      default = 10
    }
    # Specify the ECS instance type.
    variable "instance_type" {
      type    = string
      default = "ecs.e-c1m1.large"
    }
    # Specify the image ID.
    variable "image_id" {
      default = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
    }
    # Define tags for the resources.
    variable "tags" {
      type    = map(string)
      default = {
        From =  "Terraform"
        Usage =  "demo"
      }
    }
    provider "alicloud" {
      region = var.region
    }
    # Get available zones for the specified instance type.
    data "alicloud_zones" "default" {
      available_instance_type = var.instance_type
      available_resource_creation = "VSwitch"
      available_disk_category = "cloud_ssd"
    }
    # Create a VPC.
    resource "alicloud_vpc" "vpc" {
      vpc_name   = var.name
      cidr_block = "172.16.0.0/12"
    }
    # Create a vSwitch.
    resource "alicloud_vswitch" "vsw" {
      vpc_id     = alicloud_vpc.vpc.id
      cidr_block = "172.16.0.0/21"
      zone_id    = data.alicloud_zones.default.zones[0].id
    }
    # Create a security group.
    resource "alicloud_security_group" "default" {
      name   = var.name
      vpc_id = alicloud_vpc.vpc.id
    }
    # Add an inbound rule to allow SSH access.
    resource "alicloud_security_group_rule" "allow_tcp_22" {
      type              = "ingress"
      ip_protocol       = "tcp"
      nic_type          = "intranet"
      policy            = "accept"
      port_range        = "22/22"
      priority          = 1
      security_group_id = alicloud_security_group.default.id
      cidr_ip           = "0.0.0.0/0"
    }
    # Create an ECS instance.
    resource "alicloud_instance" "instance" {
      availability_zone          = data.alicloud_zones.default.zones.0.id
      security_groups            = alicloud_security_group.default.*.id
      instance_type              = var.instance_type
      system_disk_category       = "cloud_essd_entry"
      image_id                   = var.image_id
      instance_name              = var.name
      vswitch_id                 = alicloud_vswitch.vsw.id
      internet_max_bandwidth_out = var.internet_max_bandwidth_out
      tags                       = var.tags
    }
    output "ecs_id" {
      value = alicloud_instance.instance.id
    }
    output "ecs_ip" {
      value = alicloud_instance.instance.public_ip
    }

3. Initialize and create resources

After you write the Terraform configuration file, you must initialize the working directory before creating resources.

3.1 Initialize Terraform

In Command Prompt, switch to the folder you created in Step 2, and then run the terraform init command. For any new Terraform configuration, terraform init is the first command to run. It initializes the working directory, downloading the required Alibaba Cloud provider plugin and creating other necessary files.

# Switch to the D: drive.
d:
# Switch to the folder path from Step 2. Replace tool/terraform/projects/ecs with your actual path.
cd tool/terraform/projects/ecs
# Run the initialization command.
terraform init

3.2 Create resources

  1. Run terraform plan to create an execution plan. The plan shows detailed information about all the resources that will be created, modified, or destroyed when you run terraform apply.

    ...
          + router_table_id     = (known after apply)
          + secondary_cidr_blocks = (known after apply)
          + status              = (known after apply)
          + user_cidrs          = (known after apply)
          + vpc_name            = "tf_vpc_test"
        }
      # alicloud_vswitch.vsw will be created
      + resource "alicloud_vswitch" "vsw" {
          + availability_zone    = (known after apply)
          + cidr_block           = "172.16.0.0/21"
          + create_time          = (known after apply)
          + id                   = (known after apply)
          + ipv6_cidr_block      = (known after apply)
          + ipv6_cidr_block_mask = (known after apply)
          + name                 = (known after apply)
          + status               = (known after apply)
          + vpc_id               = (known after apply)
          + vswitch_name         = (known after apply)
          + zone_id              = "cn-beijing-a"
        }
    Plan: 5 to add, 0 to change, 0 to destroy.
    Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
    you run "terraform apply" now.
  2. When you run terraform apply, resources are created based on the execution plan generated by terraform plan. During the creation process, you must enter yes when prompted to continue creating the resources. For more information about how to pass values to variables, see Variable.

    Plan: 5 to add, 0 to change, 0 to destroy.
    Changes to Outputs:
      + ecs_id = (known after apply)
      + ecs_ip = (known after apply)
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
      Enter a value: yes
    alicloud_vpc.vpc: Creating...
    alicloud_vpc.vpc: Creation complete after 7s [id=vpc-2zexxx5: xxxk5w]
    alicloud_security_group.default: Creating...
    alicloud_vswitch.vsw: Creating...
    alicloud_security_group.default: Creation complete after 2s [id=sg-2zexxx4xxx9pa]
    alicloud_security_group_rule.allow_tcp_22: Creating...
    alicloud_security_group_rule.allow_tcp_22: Creation complete after 0s [id=sg-2zexxx4xxx9pa:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
    alicloud_vswitch.vsw: Creation complete after 4s [id=vsw-2zexxxxxxxxxxxgwdf]
    alicloud_instance.instance: Creating...
    alicloud_instance.instance: Still creating... [10s elapsed]
    alicloud_instance.instance: Creation complete after 14s [id=i-2zexxxxxxxxxxxkmo]
    Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
    Outputs:
    ecs_id = "i-2zexxxxxxxxxxxkmo"
    ecs_ip = "3x.1xx.1xx.x41"

4. View and manage resources

After deployment, you can manage and maintain your infrastructure.

4.1 View resources

  • Run the terraform show command to view detailed information about the resources.

    D:\tool\terraform\projects\ecs>terraform show
    # data.alicloud_zones.default:
    data "alicloud_zones" "default" {
        available_disk_category    = "cloud_ssd"
        available_instance_type    = "ecs.e-c1m1.large"
        available_resource_creation = "VSwitch"
        enable_details             = false
        id                         = "2398922967"
        ids                        = [
            "cn-beijing-a",
            "cn-beijing-c",
            "cn-beijing-e",
            "cn-beijing-f",
            "cn-beijing-g",
            "cn-beijing-h",
            "cn-beijing-i",
        ]
        instance_charge_type       = "PostPaid"
        multi                      = false
        spot_strategy              = "NoSpot"
        zones                      = [
            {
                available_disk_categories  = []
                available_instance_types   = []
                available_resource_creation = []
                id                         = "cn-beijing-a"
                local_name                 = null
                multi_zone_ids             = []
                slb_slave_zone_ids         = []
            }
        ]
    }
  • Run the terraform state list command to list all created resources.

    D:\tool\terraform\projects\ecs>terraform state list
    data.alicloud_zones.default
    alicloud_instance.instance
    alicloud_security_group.default
    alicloud_security_group_rule.allow_tcp_22
    alicloud_vpc.vpc
    alicloud_vswitch.vsw
  • Run the terraform state show <resource_type>.<resource_name> command to view detailed information about a specific resource.

    D:\tool\terraform\projects\ecs>terraform state show alicloud_vpc.vpc
    # alicloud_vpc.vpc:
    resource "alicloud_vpc" "vpc" {
        cidr_block                 = "172.16.0.0/12"
        classic_link_enabled       = false
        create_time                = "2024-09-09T05:54:41Z"
        description                = null
        enable_ipv6                = false
        id                         = "vpc-2zexxx"
        ipv6_cidr_block            = null
        ipv6_cidr_blocks           = []
        name                       = "tf-test"
        resource_group_id          = "rg-acfxxx"
        route_table_id             = "vtb-2zexxx"
        router_id                  = "vrt-2zexxx"
        router_table_id            = "vtb-2zexxx"
        secondary_cidr_blocks      = []
        status                     = "Available"
        system_route_table_description = null
        system_route_table_name    = null
        user_cidrs                 = []
        vpc_name                   = "tf-test"
    }
  • View information about the created resources on the Alibaba Cloud Management Console.

4.2 Manage resources

After Terraform creates or modifies resources, it saves their state and attributes to the terraform.tfstate file. You can use terraform state commands to manage the state. For more information, see Introduction to State.

4.3 Modify resources

  1. Modify a resource definition in your configuration file (such as main.tf or another .tf file). For example, you can add a new inbound rule to the security group.

    resource "alicloud_security_group_rule" "allow_tcp_443" {
      type              = "ingress"
      ip_protocol       = "tcp"
      nic_type          = "intranet"
      policy            = "accept"
      port_range        = "443/443"
      priority          = 1
      security_group_id = alicloud_security_group.default.id
      cidr_ip           = "0.0.0.0/0"
    }
  2. Run the terraform plan command to preview your changes.

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create
    Terraform will perform the following actions:
      # alicloud_security_group_rule.allow_tcp_443 will be created
      + resource "alicloud_security_group_rule" "allow_tcp_443" {
          + cidr_ip            = "0.0.0.0/0"
          + id                 = (known after apply)
          + ip_protocol        = "tcp"
          + nic_type           = "intranet"
          + policy             = "accept"
          + port_range         = "443/443"
          + prefix_list_id     = (known after apply)
          + priority           = 1
          + security_group_id  = "sg-2zexxx9pa"
          + type               = "ingress"
        }
    Plan: 1 to add, 0 to change, 0 to destroy.
  3. If the plan is correct, run the terraform apply command. Enter yes when prompted to apply the changes.

    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
      Enter a value: yes
    alicloud_security_group_rule.allow_tcp_22: Creating...
    alicloud_security_group_rule.allow_tcp_443: Creating...
    alicloud_security_group_rule.allow_tcp_22: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
    alicloud_security_group_rule.allow_tcp_443: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1]
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
    Outputs:
    ecs_id = "i-2zexxx"
    ecs_ip = "3x.xxx.xxx.x41"

5. Destroy resources

When you no longer need the resources, run the terraform destroy command to remove the infrastructure.

Plan: 0 to add, 0 to change, 6 to destroy.
Changes to Outputs:
  - ecs_id = "i-2zxxx" -> null
  - ecs_ip = "3xxx" -> null
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.
  Enter a value: yes
alicloud_security_group_rule.allow_tcp_443: Destroying...  [id=sg-2zexxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1]
alicloud_security_group_rule.allow_tcp_22: Destroying...  [id=sg-2zexxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
alicloud_instance.instance: Destroying...  [id=i-2zexxxkmo]
alicloud_security_group_rule.allow_tcp_443: Destruction complete after 1s
alicloud_security_group_rule.allow_tcp_22: Destruction complete after 1s
alicloud_instance.instance: Still destroying...  [id=i-2zexxxkmo, 10s elapsed]
alicloud_instance.instance: Destruction complete after 12s
alicloud_security_group.default: Destroying...  [id=sg-2zexxxpa]
alicloud_vswitch.vsw: Destroying...  [id=vsw-2zexxxvdf]
alicloud_security_group.default: Destruction complete after 2s
alicloud_vswitch.vsw: Destruction complete after 8s
alicloud_vpc.vpc: Destroying...  [id=vpc-2zexxxk5w]
alicloud_vpc.vpc: Destruction complete after 6s
Destroy complete! Resources: 6 destroyed.

References